Skip to content

algamil7x/redirector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
payloads.py
payloads.py
 
 
redirector.py
redirector.py
 
 
requirements.txt
requirements.txt
 
 
validators.py
validators.py
 
 

Repository files navigation

🚀 Redirector

Advanced Open Redirect Bypass Engine
Built for real-world bug bounty hunting.

License Python Engine BugBounty Notify

🔥 Features

  • ✅ OAuth Redirect Testing
  • ✅ Dynamic Payload Generation
  • ✅ Target-Aware Payloads
  • ✅ Mixed Bypass Payloads
  • ✅ Smart External Redirect Validation
  • ✅ False Positive Reduction
  • ✅ Custom Headers Support
  • ✅ Cookie-Based Session Support
  • ✅ GET / POST Support
  • ✅ Smart Auth Detection
  • ✅ Notify Integration / Discord Alerts
  • ✅ Silent Mode Support for Automation

⚡ Modes

Mode Description
basic Fast basic redirect payloads
custom Target-aware bypass payloads
full Full advanced bypass payloads

📦 Installation

Clone Repository

git clone https://github.com/algamil7x/redirector.git

cd redirector

Install Requirements

sudo apt install python3-requests -y

#Install Notify (Optional)

go install -v github.com/projectdiscovery/notify/cmd/notify@latest

🚀 Usage

Basic Scan

python3 redirector.py \
-u "https://target.com/?next=test" \
-a evil.com \
-m basic

Custom Bypass Scan

python3 redirector.py \
-u "https://target.com/?next=test" \
-a evil.com \
-m custom

Full Advanced Scan

python3 redirector.py \
-u "https://target.com/?next=test" \
-a evil.com \
-m full

🔐 Authenticated Scanning

Using Cookies

python3 redirector.py \
-u "https://target.com/login?next=test" \
-a evil.com \
-m custom \
--cookie "session=abc123"

Using Custom Headers

python3 redirector.py \
-u "https://target.com/oauth?redirect=test" \
-a evil.com \
--header "Authorization: Bearer TOKEN"

POST Requests

python3 redirector.py \
-u "https://target.com/auth" \
-a evil.com \
-X POST

📂 File Scan

python3 redirector.py \
-l urls.txt \
-a evil.com \
-m full

🔔 Notify Integration

Send Confirmed Findings to Discord

python3 redirector.py \
-l urls.txt \
-a evil.com \
-m full \
-n

🔇 Silent Mode

Run scanner silently (only outputs confirmed open redirects)

Useful for integration with automation pipelines and scripts to avoid noisy output logs and banners.

python3 redirector.py \
-l urls.txt \
-a evil.com \
-s

🧠 Smart Authentication Detection

Redirector automatically detects authentication-related endpoints:

  • login
  • signin
  • oauth
  • session
  • connect
  • auth
  • account

Cookies & headers are only used when needed to reduce noise and improve stealth.

🛡️ False Positive Reduction

Redirector validates:

  • External hostname matching
  • Real redirect behavior
  • Location header analysis
  • Redirect status codes
  • Target-aware validation

Only confirmed redirects are reported.

📞 Contact

⚠️ Disclaimer

This tool is intended for authorized security testing and bug bounty programs only.

Use responsibly.

About

Advanced Open Redirect Bypass Engine for Bug Bounty Hunting

x.com/algamil7x

Topics

security bugbounty pentest bug-hunting open-redirect

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages